Revert "One process per policy in chrome://sandbox"

This reverts commit 23a41c068e35f33df1c3579a3b0b469d4458e6c1.

Reason for revert: Dependent on likely culprit CL for failing test
on Windows IntegrationTestsTest.MultipleStuckChildrenSequential

https://ci.chromium.org/p/chromium/builders/ci/win-asan/21045

Original change's description:
> One process per policy in chrome://sandbox
>
> Policies now only apply to a single process so processIds can be
> processId. (There was only ever one pid in the list, now there can
> be only one.)
>
> No change to the main output on chrome://sandbox.
>
> Bug: 1270309
> Change-Id: I6851c622c89699cfe14f55f21930c4d5787d4d87
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3419521
> Reviewed-by: Will Harris <wfh@chromium.org>
> Commit-Queue: Alex Gough <ajgo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#964450}

Bug: 1270309
Change-Id: I6688aba8cbaaccc7b3a7b89db4c70a1fd5f77796
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3423825
Reviewed-by: Morten Stenshorne <mstensho@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rune Lillesveen <futhark@chromium.org>
Owners-Override: Rune Lillesveen <futhark@chromium.org>
Cr-Commit-Position: refs/heads/main@{#964489}
NOKEYCHECK=True
GitOrigin-RevId: b87336f144d5031ab16219779991d3e81493c8ea
2 files changed
tree: 6ef3e0a2361962dcaac28b21139d7ef4b006ee17
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. COMMON_METADATA
  7. constants.h
  8. DEPS
  9. DIR_METADATA
  10. features.gni
  11. ipc.dict
  12. OWNERS
  13. README.md
  14. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.